Some router svchost/dhcp questions

[trippin]

Now that i have a router im wandering how i can have my rules set correctly.
Lan settings is NOT set to auto detect.
Under global rules the only allow i have is allow dhcp/ protocol udp where remote and local are bootps, bootpc, 546, 547.
I have dns service for winxp disabled and dns cache for outpost disabled keeping in mind. Ok for svchost should i have a rule to allow dns (udp/outbound/remote port 53/remote host= my 2 dns servers) and also (udp/inbound/remote host = 2 dns servers/local port 53)
Now im wandering what the remote host ip i should add for the allow dhcp rule (udp/outbound/rem port=bootps/localport=bootpc
and also for bootps inbound allow rule (udp/inbound/rem port=bootps)
Those are the only 4 allow rules i have under svchost
Under tcp/ip properties i have it set like this
ip address 192.168.1.101
subnet mask 255.255.255.0
default gateway 192.168.1.1
then the 2 dns severs.
for my other pc only the first ip address changes.
so again for each rule which ips do i add, and any other changes anyone would make?

[kronckew]

my hardware router/firewall is also my dns server and dhcp server so my rules use it's ip for those functions. my isp's dns server addresses are programed into the router which acts as a dns proxy. my default gateway is also set to the router ip. i have lan settings set to allow the router address as trusted (i do not have other pc's on my local lan else they'd be in there via ip/subnet mask). have a look at the faq section here regarding secure settings and lan settings.

[chrisclu]

I'm set up like kronk. Router has DNS info in admin page.
Turn on Auto-detect in LAN settings. You will be just fine

[trippin]

ok, thanks i set my lan settings to auto-detect and trusted.
Now svchost doesnt even need any allow rules.
Is it because by doing this all communication between 192.168.1.0 and 255.255.255.0 which is my router and my pc i guess??.. is allowed..? or how exactly does this work.
Will this make me anymore vulnerable then the way i had my rules set before ??

[kronckew]

that setting allows anyone connected to your local subnet with an IP of 192.168.1.1-255 to connect in a trusted state. as long as it's just you and your router in that range you are OK. if you hook another pc to your router it also will be OK and trusted if it's ip is in that range. if someone tries to connect with a different subnet ip range, the autodetect will add them in, so it is best to untick the autodetect after it 'finds' your legal network, unticking will not change the settings after it's done its thing.

[chrisclu]

You can also limit the number of addresses your router will assign. I have 2 desktops, a laptop conected occaionally and a network printer. I have told my linkys to allow 4 addresses( you can specify the allowable range too eg 192.168.1.145-149)